The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
SecurityWeek

Cisco Releases Open Source Tool for AI Model Provenance

The new kit aims to address risks related to poisoned models, regulatory issues, supply chain integrity, and incident ...
SecurityWeek

1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

Over 1,800 developers were affected by the Mini Shai-Hulud supply chain attack that hit the PyPi, NPM, and PHP ecosystems ...

Why OpenAI's 'goblin' problem matters — and how you can release the goblins on your own

If OpenAI can accidentally train its flagship model to obsess over goblins, what other more subtle and potentially harmful ...
Hackaday

This Week In Security: State Malware, State Hardware Bans, And Stuxnet Before Stuxnet Was Cool

Making headlines everywhere is the CopyFail Linux kernel vulnerability, which allows local privilege escalation (LPE) from any user to root privileges on most kernels and distributions. Local ...

Copy fail flaw impacts all Linux kernels released since 2017

Linux users should update their servers now, or face possible attack.
MUO on MSN

I switched to Linux for local LLMs and setup that took hours on Windows took minutes

What looks simple on Windows quietly turns into hours of troubleshooting.
GovInfoSecurity

Breach Roundup: US Cyber Command Flags Election Threats

This week, election threats resurfaced. A prolific hacker arrested. Black Axe network disrupted. China-linked disinformation ...